CVE-2020-16102

Improper Authentication vulnerability in Gallagher Command Centre Server allows an unauthenticated remote attacker to create items with invalid configuration, potentially causing the server to crash and fail to restart. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1299(MR2); 8.20 versions prior to 8.20.1218(MR4); 8.10 versions prior to 8.10.1253(MR6); 8.00 versions prior to 8.00.1252(MR7); version 7.90 and prior versions.

CVSS v3 8.2 HIGH
CVSS v2.0 6.4 MEDIUM

8.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact HIGH

Scope UNCHANGED

6.4^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:P

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://security.gallagher.com/Security-Advisories/CVE-2020-16102	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gallagher:command_centre::::::::
	cpe:2.3:a:gallagher:command_centre::::::::
	cpe:2.3:a:gallagher:command_centre::::::::
	cpe:2.3:a:gallagher:command_centre::::::::
	cpe:2.3:a:gallagher:command_centre::::::::
	cpe:2.3:a:gallagher:command_centre:8.00.1252:-::::::
	cpe:2.3:a:gallagher:command_centre:8.00.1252:maintenance_release7::::::
	cpe:2.3:a:gallagher:command_centre:8.10.1253:-::::::
	cpe:2.3:a:gallagher:command_centre:8.10.1253:maintenance_release6::::::
	cpe:2.3:a:gallagher:command_centre:8.20.1218:-::::::
	cpe:2.3:a:gallagher:command_centre:8.20.1218:maintenance_release4::::::
	cpe:2.3:a:gallagher:command_centre:8.30.1299:-::::::
	cpe:2.3:a:gallagher:command_centre:8.30.1299:maintenance_release2::::::

History

18 Nov 2021, 16:33

Type	Values Removed	Values Added
CWE	~~CWE-287~~	CWE-306

Information

Published : 2020-12-14 20:15

Updated : 2023-12-10 13:41

NVD link : CVE-2020-16102

Mitre link : CVE-2020-16102

CVE.ORG link : CVE-2020-16102

JSON object : View

Products Affected

gallagher

command_centre

CWE

CWE-306

Missing Authentication for Critical Function

CWE-287

Improper Authentication

{"id": "CVE-2020-16102", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.2, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "disclosures@gallagher.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 4.2, "exploitabilityScore": 2.8}]}, "published": "2020-12-14T20:15:12.060", "references": [{"url": "https://security.gallagher.com/Security-Advisories/CVE-2020-16102", "tags": ["Vendor Advisory"], "source": "disclosures@gallagher.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-306"}]}, {"type": "Secondary", "source": "disclosures@gallagher.com", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "Improper Authentication vulnerability in Gallagher Command Centre Server allows an unauthenticated remote attacker to create items with invalid configuration, potentially causing the server to crash and fail to restart. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1299(MR2); 8.20 versions prior to 8.20.1218(MR4); 8.10 versions prior to 8.10.1253(MR6); 8.00 versions prior to 8.00.1252(MR7); version 7.90 and prior versions."}, {"lang": "es", "value": "Una vulnerabilidad de autenticaci\u00f3n inapropiada en Gallagher Command Center Server, permite a un atacante remoto no autenticado crear elementos con una configuraci\u00f3n no v\u00e1lida, causando potencialmente que el servidor se bloquee y que no vuelva a reiniciar. Este problema afecta a: Gallagher Command Centre versiones 8.30 anteriores a 8.30.1299(MR2); versiones 8.20 anteriores a 8.20.1218(MR4); versiones 8.10 anteriores a 8.10.1253(MR6); versiones 8.00 anteriores a 8.00.1252(MR7); versi\u00f3n 7.90 y anteriores"}], "lastModified": "2021-11-18T16:33:01.177", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AEC327DD-614D-4F03-B77A-941EFE1269F3", "versionEndExcluding": "7.90.0"}, {"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "484DE0E5-B3A6-45BF-9765-95A2579A077A", "versionEndExcluding": "8.00.1252", "versionStartIncluding": "8.00"}, {"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4FD0CD44-58B8-4BA4-9F8D-3A25E984F3B2", "versionEndExcluding": "8.10.1253", "versionStartIncluding": "8.10"}, {"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BFAE071C-1C1B-49A0-9ED9-5A245D4C127D", "versionEndExcluding": "8.20.1218", "versionStartIncluding": "8.20"}, {"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BE22EE9E-C228-4C51-BD4E-E67F7C6118A6", "versionEndExcluding": "8.30.1299", "versionStartIncluding": "8.30"}, {"criteria": "cpe:2.3:a:gallagher:command_centre:8.00.1252:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "60D924CC-E467-4CDC-9879-5C4CF7D59350"}, {"criteria": "cpe:2.3:a:gallagher:command_centre:8.00.1252:maintenance_release7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F6F0395-D22D-47AD-92E1-8A05FEB66C80"}, {"criteria": "cpe:2.3:a:gallagher:command_centre:8.10.1253:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "930BFF65-C8F9-4CF2-BEF4-9D7DA65C6A02"}, {"criteria": "cpe:2.3:a:gallagher:command_centre:8.10.1253:maintenance_release6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42B951CF-1EE2-4C83-9C34-8DC9800572CC"}, {"criteria": "cpe:2.3:a:gallagher:command_centre:8.20.1218:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8C3278B-BBB3-43E5-AA9F-7575F5C815DD"}, {"criteria": "cpe:2.3:a:gallagher:command_centre:8.20.1218:maintenance_release4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55231378-5292-43B2-90FE-6E6FE5FF18A5"}, {"criteria": "cpe:2.3:a:gallagher:command_centre:8.30.1299:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C9908088-8A0A-4CFA-B539-5B1266D27074"}, {"criteria": "cpe:2.3:a:gallagher:command_centre:8.30.1299:maintenance_release2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B5857DDB-BF50-4047-8698-1F15CF9EBBEF"}], "operator": "OR"}]}], "sourceIdentifier": "disclosures@gallagher.com"}